CVE-2006-2811

Exp

Multiple PHP remote file inclusion vulnerabilities in Cantico Ovidentia 5.8.0 allow remote attackers to execute arbitrary PHP code via a URL in the babInstallPath parameter in (1) index.php, (2) topman.php, (3) approb.php, (4) vacadmb.php, (5) vacadma.php, (6) vacadm.php, (7) statart.php, (8) search.php, (9) posts.php, (10) options.php, (11) login.php, (12) frchart.php, (13) flbchart.php, (14) fileman.php, (15) faq.php, (16) event.php, (17) directory.php, (18) articles.php, (19) artedit.php, (20) calday.php, and additional unspecified PHP scripts. NOTE: the utilit.php vector is already covered by CVE-2005-1964.

Published: 2006-06-05 Last update: 2026-04-16 Assigner: [email protected] Source: [email protected]
NVD Status:ModifiedCVE State: published
View at NVD, CVE.org, EUVD

CVE-2006-2811 is rated High Exploit Risk (77.9/100): CVSS High severity, with high exploitation likelihood (EPSS 7.20%, 91th percentile). 8 public exploit reference(s) are indexed (Exploit-DB). Public exploits are available—assess exposure, apply mitigations, and prioritize patching.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Public exploit references (Exploit-DB) for CVE-2006-2811

EDB-ID Source Kind Published Link
27950 exploit_db edb 2006-06-02 Exploit-DB ↗
27951 exploit_db edb 2006-06-02 Exploit-DB ↗
27952 exploit_db edb 2006-06-02 Exploit-DB ↗
27953 exploit_db edb 2006-06-02 Exploit-DB ↗
27954 exploit_db edb 2006-06-02 Exploit-DB ↗
27955 exploit_db edb 2006-06-02 Exploit-DB ↗
27956 exploit_db edb 2006-06-02 Exploit-DB ↗
27949 exploit_db edb 2006-06-02 Exploit-DB ↗

Exploit prediction scoring system (EPSS) score for CVE-2006-2811

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

# Date Old EPSS score New EPSS score Delta (New - Old)
1 2025-10-16 6.22% 7.20% +0.98%
2 2025-08-03 3.70% 6.22% +2.52%
3 2025-05-08 3.70%

Full EPSS history (15 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2006-2811

CVSS metrics for this CVE.

Base score Version Severity Vector Exploitability Impact Score source
7.5 2.0 HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P Click to expand
Access vector (AV:N)
Can be exploited remotely over network reachability.
Access complexity (AC:L)
Exploitation conditions are straightforward and predictable.
Authentication (AU:N)
No authentication is required.
Confidentiality impact (C:P)
Partial confidentiality impact.
Integrity impact (I:P)
Partial integrity impact.
Availability impact (A:P)
Partial availability impact.
 10.0 6.4 [email protected]

Weakness enumeration for CVE-2006-2811

Affected software / configurations for CVE-2006-2811

Vendor Product Version Raw CPE
cantico ovidentia 5.8.0 cpe:2.3:a:cantico:ovidentia:5.8.0:*:*:*:*:*:*:*

References for CVE-2006-2811

URL Tags
http://securityreason.com/securityalert/1033
http://www.osvdb.org/27209
http://www.osvdb.org/27211
http://www.osvdb.org/27212
http://www.osvdb.org/27213
http://www.osvdb.org/27214
http://www.osvdb.org/27215
http://www.osvdb.org/27216
http://www.osvdb.org/27217
http://www.osvdb.org/27218
http://www.osvdb.org/27219
http://www.osvdb.org/27220
http://www.osvdb.org/27221
http://www.osvdb.org/27222
http://www.osvdb.org/27223
http://www.osvdb.org/27224
http://www.osvdb.org/27225
http://www.osvdb.org/27226
http://www.osvdb.org/27227
http://www.osvdb.org/27228
http://www.osvdb.org/27229
http://www.securityfocus.com/archive/1/435590/100/0/threaded
http://www.securityfocus.com/archive/1/456893/100/200/threaded
http://www.securityfocus.com/archive/1/459572/100/0/threaded
http://www.securityfocus.com/bid/18232
https://exchange.xforce.ibmcloud.com/vulnerabilities/26981
cvelogic Threat Intelligence